[Pdns-users] Unable to forward-zone to primary PowerDNS server

Clarence Mills cmmills at protonmail.com
Mon Jul 6 16:13:18 UTC 2020


Hello,

Just recently set up a network containing 1 dnsdist, 1 recursor and 1 PDNS server. I'm unable to resolve my internal domain millsresidence.com. I'm using forward-zones-recurse=millsresidence.com=192.168.0.32 within my recursor. I've attached my config below.
- dnsdist: 192.168.0.18
- recursor: 192.168.0.22
- PDNS server: 192.168.0.32

DNSDIST config
===============
-- https://github.com/PowerDNS/pdns/issues/7394
-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
setACL('192.168.0.0/24') -- Allow from home network
addLocal('192.168.0.18:53',{reusePort=true, tcpFastOpenQueueSize=0, tcpFastOpenSize=0}) -- for dns over port 53 ipv4 , set X(int) for tcp fast open queue size
addAction(MaxQPSIPRule(400), DropAction()) -- set X(int) number of queries to be allowed per second from a IP
addAction(AndRule({QTypeRule(dnsdist.ANY), TCPRule(false)}), DropAction()) -- drop ANY queries sent over udp , not useful for DoT and DoH only servers.
pc = newPacketCache(10000, 86400, 600) -- set X number of entries to be in dnsdist cache by default , memory will be preallocated based on the X number
getPool(""):setCache(pc) -- default cache
setStaleCacheEntriesTTL(43200) -- expire cache after 12 hours
newServer({address="192.168.0.22", name=recursor, order=2})
newServer({address="192.168.0.32", name=auth, order=1})
setServerPolicy(whashed) -- first server within its QPS limit
setSecurityPollSuffix("")
webserver("192.168.0.18:8083", "gr33n") --dependent on ACL rules

recursor config
=============
allow-from=192.168.0.0/24
any-to-tcp=yes
## API
api-config-dir=/opt/powerdns_recursor
api-logfile=/var/log/pdns.log
loglevel=8
config-dir=/etc/powerdns
daemon=yes
hint-file=/usr/share/dns/root.hints
include-dir=/etc/powerdns/recursor.d
local-address=192.168.0.22
local-port=53
lua-config-file=/etc/powerdns/recursor.lua
quiet=no
#################################
# security-poll-suffix Domain name from which to query security update notifications
setgid=pdns
setuid=pdns
#################################
# webserver Start a webserver (for REST API)
webserver=yes
webserver-address=0.0.0.0
webserver-allow-from=192.168.0.0/24
webserver-password=gr33n
webserver-port=8082
api-key=gr33n
write-pid=yes
forward-zones-recurse=millsresidence.com=192.168.0.32

I would appreciate any insights.